package com.google.cloud.storage.it;

import com.google.cloud.Binding;
import com.google.cloud.Policy;
import com.google.cloud.storage.Acl;
import com.google.cloud.storage.BlobInfo;
import com.google.cloud.storage.Bucket;
import com.google.cloud.storage.BucketInfo;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageException;
import com.google.cloud.storage.TestUtils;
import com.google.cloud.storage.TransportCompatibility;
import com.google.cloud.storage.it.runner.StorageITRunner;
import com.google.cloud.storage.it.runner.annotations.Backend;
import com.google.cloud.storage.it.runner.annotations.CrossRun;
import com.google.cloud.storage.it.runner.annotations.Inject;
import com.google.cloud.storage.it.runner.registry.Generator;
import com.google.common.collect.ImmutableList;
import com.google.common.truth.Truth;
import java.time.Duration;
import java.util.Collections;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

@CrossRun(transports = {TransportCompatibility.Transport.HTTP, TransportCompatibility.Transport.GRPC}, backends = {Backend.PROD})
@RunWith(StorageITRunner.class)
/* loaded from: input_file:com/google/cloud/storage/it/ITAccessTest.class */
public class ITAccessTest {
    private static final Long RETENTION_PERIOD = 5L;
    private static final Duration RETENTION_PERIOD_DURATION = Duration.ofSeconds(5);

    @Inject
    public Storage storage;

    @Inject
    public TransportCompatibility.Transport transport;

    @Inject
    public BucketInfo bucket;

    @Inject
    public Generator generator;

    @Test
    public void bucket_defaultAcl_get() {
        String name = this.bucket.getName();
        Acl acl = (Acl) this.storage.get(name, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})}).getDefaultAcl().iterator().next();
        Truth.assertThat((Acl) TestUtils.retry429s(() -> {
            return this.storage.getDefaultAcl(name, acl.getEntity());
        }, this.storage)).isEqualTo(acl);
    }

    @Test
    public void bucket_defaultAcl_get_notFoundReturnsNull() {
        Truth.assertThat((Acl) TestUtils.retry429s(() -> {
            return this.storage.getDefaultAcl(this.bucket.getName(), Acl.User.ofAllUsers());
        }, this.storage)).isNull();
    }

    @Test
    public void bucket_defaultAcl_get_bucket404() {
        Truth.assertThat((Acl) TestUtils.retry429s(() -> {
            return this.storage.getDefaultAcl(this.bucket.getName() + "x", Acl.User.ofAllUsers());
        }, this.storage)).isNull();
    }

    @Test
    public void bucket_defaultAcl_list() {
        String name = this.bucket.getName();
        Truth.assertThat((List) TestUtils.retry429s(() -> {
            return this.storage.listDefaultAcls(name);
        }, this.storage)).contains((Acl) this.storage.get(name, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})}).getDefaultAcl().iterator().next());
    }

    @Test
    public void bucket_defaultAcl_list_bucket404() {
        Truth.assertThat(Integer.valueOf(Assert.assertThrows(StorageException.class, () -> {
            TestUtils.retry429s(() -> {
                return this.storage.listDefaultAcls(this.bucket.getName() + "x");
            }, this.storage);
        }).getCode())).isEqualTo(404);
    }

    @Test
    public void bucket_defaultAcl_create() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Acl of = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
            Acl acl = (Acl) TestUtils.retry429s(() -> {
                return this.storage.createDefaultAcl(bucket.getName(), of);
            }, this.storage);
            Truth.assertThat(acl.getEntity()).isEqualTo(of.getEntity());
            Truth.assertThat(acl.getRole()).isEqualTo(of.getRole());
            Truth.assertThat(acl.getEtag()).isNotEmpty();
            Bucket bucket2 = this.storage.get(bucket.getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(Storage.BucketField.values())});
            Truth.assertThat(bucket2.getMetageneration()).isNotEqualTo(bucket.getMetageneration());
            ImmutableList<Acl> dropEtags = dropEtags(bucket.getDefaultAcl());
            ImmutableList<Acl> dropEtags2 = dropEtags(bucket2.getDefaultAcl());
            Truth.assertThat(dropEtags2).containsAtLeastElementsIn(dropEtags);
            Truth.assertThat(dropEtags2).contains(of);
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void bucket_defaultAcl_create_bucket404() {
        Acl of = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
        Truth.assertThat(Integer.valueOf(Assert.assertThrows(StorageException.class, () -> {
            TestUtils.retry429s(() -> {
                return this.storage.createDefaultAcl(this.bucket.getName() + "x", of);
            }, this.storage);
        }).getCode())).isEqualTo(404);
    }

    @Test
    public void bucket_defaultAcl_update() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            List defaultAcl = bucket.getDefaultAcl();
            Truth.assertThat(defaultAcl).isNotEmpty();
            Predicate<? super Acl> hasProjectRole = hasProjectRole(Acl.Project.ProjectRole.EDITORS);
            Acl acl = (Acl) defaultAcl.stream().filter(hasRole(Acl.Role.OWNER).and(hasProjectRole)).findFirst().get();
            Acl of = Acl.of(acl.getEntity(), Acl.Role.READER);
            Acl acl2 = (Acl) TestUtils.retry429s(() -> {
                return this.storage.updateDefaultAcl(bucket.getName(), of);
            }, this.storage);
            Truth.assertThat(acl2.getEntity()).isEqualTo(of.getEntity());
            Truth.assertThat(acl2.getRole()).isEqualTo(of.getRole());
            Truth.assertThat(acl2.getEtag()).isNotEmpty();
            Bucket bucket2 = this.storage.get(bucket.getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(Storage.BucketField.values())});
            Truth.assertThat(bucket2.getMetageneration()).isNotEqualTo(bucket.getMetageneration());
            ImmutableList<Acl> dropEtags = dropEtags((List) bucket.getDefaultAcl().stream().filter(hasProjectRole.negate()).collect(Collectors.toList()));
            ImmutableList<Acl> dropEtags2 = dropEtags(bucket2.getDefaultAcl());
            Truth.assertThat(dropEtags2).containsAtLeastElementsIn(dropEtags);
            Truth.assertThat(dropEtags2).doesNotContain(acl);
            Truth.assertThat(dropEtags2).contains(of);
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void bucket_defaultAcl_update_bucket404() {
        Acl of = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
        Truth.assertThat(Integer.valueOf(Assert.assertThrows(StorageException.class, () -> {
            TestUtils.retry429s(() -> {
                return this.storage.updateDefaultAcl(this.bucket.getName() + "x", of);
            }, this.storage);
        }).getCode())).isEqualTo(404);
    }

    @Test
    public void bucket_defaultAcl_delete() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            List defaultAcl = bucket.getDefaultAcl();
            Truth.assertThat(defaultAcl).isNotEmpty();
            Predicate<? super Acl> hasProjectRole = hasProjectRole(Acl.Project.ProjectRole.VIEWERS);
            Acl.Entity entity = ((Acl) defaultAcl.stream().filter(hasRole(Acl.Role.READER).and(hasProjectRole)).findFirst().get()).getEntity();
            Truth.assertThat(Boolean.valueOf(((Boolean) TestUtils.retry429s(() -> {
                return Boolean.valueOf(this.storage.deleteDefaultAcl(bucket.getName(), entity));
            }, this.storage)).booleanValue())).isTrue();
            Bucket bucket2 = this.storage.get(bucket.getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(Storage.BucketField.values())});
            Truth.assertThat(bucket2.getMetageneration()).isNotEqualTo(bucket.getMetageneration());
            ImmutableList<Acl> dropEtags = dropEtags((List) bucket.getDefaultAcl().stream().filter(hasProjectRole.negate()).collect(Collectors.toList()));
            ImmutableList<Acl> dropEtags2 = dropEtags(bucket2.getDefaultAcl());
            Truth.assertThat(dropEtags2).containsAtLeastElementsIn(dropEtags);
            Truth.assertThat(Boolean.valueOf(dropEtags2.stream().map((v0) -> {
                return v0.getEntity();
            }).filter(entity2 -> {
                return entity2.equals(entity);
            }).findAny().isPresent())).isFalse();
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void bucket_defaultAcl_delete_bucket404() {
        Truth.assertThat(Boolean.valueOf(((Boolean) TestUtils.retry429s(() -> {
            return Boolean.valueOf(this.storage.deleteDefaultAcl(this.bucket.getName() + "x", Acl.User.ofAllUsers()));
        }, this.storage)).booleanValue())).isEqualTo(false);
    }

    @Test
    public void bucket_defaultAcl_delete_noExistingAcl() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Truth.assertThat(Boolean.valueOf(((Boolean) TestUtils.retry429s(() -> {
                return Boolean.valueOf(this.storage.deleteDefaultAcl(bucket.getName(), Acl.User.ofAllUsers()));
            }, this.storage)).booleanValue())).isEqualTo(false);
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testBucketWithBucketPolicyOnlyEnabled() throws Exception {
        doTestUniformBucketLevelAccessAclImpact(BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build());
    }

    @Test
    public void testBucketWithUniformBucketLevelAccessEnabled() throws Exception {
        doTestUniformBucketLevelAccessAclImpact(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build());
    }

    private void doTestUniformBucketLevelAccessAclImpact(BucketInfo.IamConfiguration iamConfiguration) throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(Bucket.newBuilder(randomBucketName).setIamConfiguration(iamConfiguration).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Assert.assertTrue(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertNotNull(bucket.getIamConfiguration().getUniformBucketLevelAccessLockedTimeOffsetDateTime());
            if (this.transport == TransportCompatibility.Transport.HTTP) {
                StorageException assertThrows = Assert.assertThrows(StorageException.class, () -> {
                    this.storage.listAcls(randomBucketName);
                });
                TestUtils.assertAll(() -> {
                    Truth.assertThat(Integer.valueOf(assertThrows.getCode())).isEqualTo(400);
                }, () -> {
                    Truth.assertThat(assertThrows.getReason()).isEqualTo("invalid");
                });
                StorageException assertThrows2 = Assert.assertThrows(StorageException.class, () -> {
                    this.storage.listDefaultAcls(randomBucketName);
                });
                TestUtils.assertAll(() -> {
                    Truth.assertThat(Integer.valueOf(assertThrows2.getCode())).isEqualTo(400);
                }, () -> {
                    Truth.assertThat(assertThrows2.getReason()).isEqualTo("invalid");
                });
            } else if (this.transport == TransportCompatibility.Transport.GRPC) {
                Truth.assertThat(this.storage.listAcls(randomBucketName)).isEmpty();
                Truth.assertThat(this.storage.listDefaultAcls(randomBucketName)).isEmpty();
            }
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        BucketInfo.IamConfiguration build = BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build();
        TemporaryBucket build2 = TemporaryBucket.newBuilder().setBucketInfo(Bucket.newBuilder(randomBucketName).setIamConfiguration(build).setAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).setDefaultAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build2.getBucket();
            Truth.assertThat(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()).isFalse();
            this.storage.update(bucket.toBuilder().setAcl((Iterable) null).setDefaultAcl((Iterable) null).setIamConfiguration(build.toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
            Bucket bucket2 = this.storage.get(randomBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
            Assert.assertTrue(bucket2.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertNotNull(bucket2.getIamConfiguration().getUniformBucketLevelAccessLockedTime());
            bucket2.toBuilder().setIamConfiguration(build).build().update(new Storage.BucketTargetOption[0]);
            Bucket bucket3 = this.storage.get(randomBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION, Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})});
            Assert.assertFalse(bucket3.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getDefaultAcl().get(0)).getEntity());
            Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getDefaultAcl().get(0)).getRole());
            Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getAcl().get(0)).getEntity());
            Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getAcl().get(0)).getRole());
            if (build2 != null) {
                build2.close();
            }
        } catch (Throwable th) {
            if (build2 != null) {
                try {
                    build2.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testEnforcedPublicAccessPreventionOnBucket() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(randomBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.ENFORCED).build()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            try {
                this.storage.setIamPolicy(randomBucketName, Policy.newBuilder().setVersion(3).setBindings(ImmutableList.of(Binding.newBuilder().setRole("roles/storage.objectViewer").addMembers("allUsers", new String[0]).build())).build(), new Storage.BucketSourceOption[0]);
                Assert.fail("pap: expected adding allUsers policy to bucket should fail");
            } catch (StorageException e) {
                Assert.assertEquals(e.getCode(), 412L);
            }
            try {
                this.storage.create(BlobInfo.newBuilder(bucket, "pap-test-object").build(), new Storage.BlobTargetOption[]{Storage.BlobTargetOption.predefinedAcl(Storage.PredefinedAcl.PUBLIC_READ)});
                Assert.fail("pap: expected adding allUsers ACL to object should fail");
            } catch (StorageException e2) {
                Assert.assertEquals(e2.getCode(), 412L);
            }
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUnspecifiedPublicAccessPreventionOnBucket() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(randomBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).build()).build()).setStorage(this.storage).build();
        try {
            try {
                this.storage.create(BlobInfo.newBuilder(build.getBucket(), "pap-test-object").build(), new Storage.BlobTargetOption[]{Storage.BlobTargetOption.predefinedAcl(Storage.PredefinedAcl.PUBLIC_READ)});
            } catch (StorageException e) {
                Assert.fail("pap: expected adding allUsers ACL to object to succeed");
            }
            try {
                this.storage.setIamPolicy(randomBucketName, Policy.newBuilder().setVersion(3).setBindings(ImmutableList.of(Binding.newBuilder().setRole("roles/storage.objectViewer").addMembers("allUsers", new String[0]).build())).build(), new Storage.BucketSourceOption[0]);
            } catch (StorageException e2) {
                Assert.fail("pap: expected adding allUsers policy to bucket to succeed");
            }
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void changingPAPDoesNotAffectUBLA() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(randomBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).setIsUniformBucketLevelAccessEnabled(false).build()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Assert.assertEquals(bucket.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
            Assert.assertFalse(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertFalse(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            this.storage.update(bucket.toBuilder().setIamConfiguration(bucket.getIamConfiguration().toBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.ENFORCED).build()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
            Bucket bucket2 = this.storage.get(randomBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
            Assert.assertEquals(bucket2.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.ENFORCED);
            Assert.assertFalse(bucket2.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertFalse(bucket2.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void changingUBLADoesNotAffectPAP() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).setIsUniformBucketLevelAccessEnabled(false).build()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Assert.assertEquals(bucket.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
            Assert.assertFalse(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertFalse(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            Bucket update = this.storage.update(bucket.toBuilder().setIamConfiguration(bucket.getIamConfiguration().toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).setAcl(Collections.emptyList()).setDefaultAcl(Collections.emptyList()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
            Assert.assertEquals(update.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
            Assert.assertTrue(update.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertTrue(update.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testRetentionPolicyNoLock() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(randomBucketName).setRetentionPeriod(RETENTION_PERIOD).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Truth.assertThat(bucket.getRetentionPeriod()).isEqualTo(RETENTION_PERIOD);
            Truth.assertThat(bucket.getRetentionPeriodDuration()).isEqualTo(RETENTION_PERIOD_DURATION);
            Assert.assertNotNull(bucket.getRetentionEffectiveTime());
            Truth.assertThat(bucket.retentionPolicyIsLocked()).isAnyOf((Object) null, false, new Object[0]);
            Bucket bucket2 = this.storage.get(randomBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.RETENTION_POLICY})});
            Assert.assertEquals(RETENTION_PERIOD, bucket2.getRetentionPeriod());
            Truth.assertThat(bucket2.getRetentionPeriodDuration()).isEqualTo(RETENTION_PERIOD_DURATION);
            Assert.assertNotNull(bucket2.getRetentionEffectiveTime());
            Truth.assertThat(bucket2.retentionPolicyIsLocked()).isAnyOf((Object) null, false, new Object[0]);
            Assert.assertNotNull(this.storage.create(BlobInfo.newBuilder(randomBucketName, this.generator.randomObjectName()).build(), new Storage.BlobTargetOption[0]).getRetentionExpirationTime());
            Assert.assertNull(bucket2.toBuilder().setRetentionPeriod((Long) null).build().update(new Storage.BucketTargetOption[0]).getRetentionPeriod());
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testEnableAndDisableBucketPolicyOnlyOnExistingBucket() throws Exception {
        String randomBucketName = this.generator.randomBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(Bucket.newBuilder(randomBucketName).setAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).setDefaultAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build.getBucket();
            Truth.assertThat(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled()).isFalse();
            BucketInfo.IamConfiguration build2 = BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build();
            this.storage.update(bucket.toBuilder().setAcl((Iterable) null).setDefaultAcl((Iterable) null).setIamConfiguration(build2).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
            Bucket bucket2 = this.storage.get(randomBucketName, new Storage.BucketGetOption[0]);
            Assert.assertTrue(bucket2.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            Assert.assertNotNull(bucket2.getIamConfiguration().getBucketPolicyOnlyLockedTime());
            bucket2.toBuilder().setIamConfiguration(build2.toBuilder().setIsBucketPolicyOnlyEnabled(false).build()).build().update(new Storage.BucketTargetOption[0]);
            Bucket bucket3 = this.storage.get(randomBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION, Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})});
            Assert.assertFalse(bucket3.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getDefaultAcl().get(0)).getEntity());
            Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getDefaultAcl().get(0)).getRole());
            Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getAcl().get(0)).getEntity());
            Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getAcl().get(0)).getRole());
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ImmutableList<Acl> dropEtags(List<Acl> list) {
        return (ImmutableList) list.stream().map(ITAccessTest::dropEtag).collect(ImmutableList.toImmutableList());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Acl dropEtag(Acl acl) {
        return Acl.of(acl.getEntity(), acl.getRole());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Predicate<Acl> hasRole(Acl.Role role) {
        return acl -> {
            return acl.getRole().equals(role);
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Predicate<Acl> hasProjectRole(Acl.Project.ProjectRole projectRole) {
        return acl -> {
            Acl.Project entity = acl.getEntity();
            if (entity.getType().equals(Acl.Entity.Type.PROJECT)) {
                return entity.getProjectRole().equals(projectRole);
            }
            return false;
        };
    }
}
